From 94e5a44335d9241533b42f90d3819d139bd1e1ac Mon Sep 17 00:00:00 2001
From: Jan Zickermann <jan.zickermann@dataport.de>
Date: Mon, 16 Dec 2024 15:14:45 +0100
Subject: [PATCH] #2 OZG-7121 script: Add fetch client secret script

---
 ...tore-truststore-from-tls-secret.dockerfile |  2 +-
 scripts/fetch-client-tls-secret.sh            | 27 +++++++++++++++++++
 ...t-store.sh => fetch-server-trust-store.sh} |  0
 .../keystore-truststore-from-tls-secret.sh    |  0
 4 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100755 scripts/fetch-client-tls-secret.sh
 rename scripts/{fetch-trust-store.sh => fetch-server-trust-store.sh} (100%)
 rename {src/main/resources/store => scripts}/keystore-truststore-from-tls-secret.sh (100%)

diff --git a/keystore-truststore-from-tls-secret.dockerfile b/keystore-truststore-from-tls-secret.dockerfile
index 7e7625e..478b24c 100644
--- a/keystore-truststore-from-tls-secret.dockerfile
+++ b/keystore-truststore-from-tls-secret.dockerfile
@@ -2,7 +2,7 @@ FROM alpine:3.21
 
 RUN apk add --no-cache openssl openjdk11
 
-COPY --chown=185 src/main/resources/store/keystore-truststore-from-tls-secret.sh /opt/
+COPY --chown=185 scripts/keystore-truststore-from-tls-secret.sh /opt/
 
 VOLUME /store /tls
 USER 185
diff --git a/scripts/fetch-client-tls-secret.sh b/scripts/fetch-client-tls-secret.sh
new file mode 100755
index 0000000..93e8735
--- /dev/null
+++ b/scripts/fetch-client-tls-secret.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+CLIENT_NAME=${CLIENT_NAME:-clienta}
+NAMESPACE=${NAMESPACE:-by-enable-dev}
+TLS_DIR=${CLIENT_NAME}-tls
+
+export IN_CA_CRT="$TLS_DIR"/ca.crt
+export IN_TLS_KEY="$TLS_DIR"/tls.key
+export IN_TLS_CRT="$TLS_DIR"/tls.crt
+
+export OUT_JKS_TRUSTSTORE="$TLS_DIR"/truststore.jks
+export OUT_P12_KEYSTORE="$TLS_DIR"/keystore.p12
+
+fetch_secret_file() {
+  kubectl get secret -n "$NAMESPACE" "xta-test-server-${CLIENT_NAME}-tls-secret" -o jsonpath="$1" | base64 -d
+}
+
+mkdir -p "$TLS_DIR"
+
+fetch_secret_file '{.data.ca\.crt}' > "$IN_CA_CRT"
+fetch_secret_file '{.data.tls\.key}' > "$IN_TLS_KEY"
+fetch_secret_file '{.data.tls\.crt}' > "$IN_TLS_CRT"
+
+exec /bin/sh keystore-truststore-from-tls-secret.sh
+
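Review bot: The private key is written to `$IN_TLS_KEY` by a plain redirect into a directory created with `mkdir -p`, so under a common umask of 022 `tls.key` ends up readable by other local users, and presumably so does the `keystore.p12` produced by the exec'd script, which inherits the umask. Adding `umask 077` right after `set -e` would restrict every file and directory the script newly creates. In `fetch_secret_file`, `set -e` alone does not catch a failing `kubectl`, because the pipeline's status is that of `base64 -d`; a missing secret or wrong namespace then yields empty files that are passed on to the keystore script, which `set -eo pipefail` would prevent. The final `exec /bin/sh keystore-truststore-from-tls-secret.sh` resolves relative to the caller's working directory, so it only works when run from `scripts/`; `exec /bin/sh "$(dirname "$0")/keystore-truststore-from-tls-secret.sh"` removes that assumption.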
diff --git a/scripts/fetch-trust-store.sh b/scripts/fetch-server-trust-store.sh
similarity index 100%
rename from scripts/fetch-trust-store.sh
rename to scripts/fetch-server-trust-store.sh
diff --git a/src/main/resources/store/keystore-truststore-from-tls-secret.sh b/scripts/keystore-truststore-from-tls-secret.sh
similarity index 100%
rename from src/main/resources/store/keystore-truststore-from-tls-secret.sh
rename to scripts/keystore-truststore-from-tls-secret.sh
-- 
GitLab